CentOS7修改ssh端口并通过密码登录

作者: Huang Jinqiang 分类: Linux 发布时间: 2016-12-20 14:58

 

CentOS7相比CentOS6的防火墙改变特别大,所以记录下

1.修改sshd端口并只限制密钥登录

编辑/etc/ssh/sshd_config

Port 20755
PermitRootLogin no
PubkeyAuthentication yes

PermitEmptyPasswords no
PasswordAuthentication no

#GSSAPIAuthentication yes
#GSSAPICleanupCredentials no

UseDNS no

 

2. 修改防火墙开放端口

cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/
vim /etc/firewalld/services/ssh.xml
<port protocol="tcp" port="20755"/>

vim /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>

<rule family="ipv4">
<source address="172.16.60.0/24"/>
<service name="ssh"/>
<accept/>
</rule>
</zone>

 

3. 登录普通用户

useradd hzkeung

su - hzkeung

mkdir .ssh

chmod 600 .ssh

vi .ssh/authorized_keys #输入密钥的公钥

chmod 600 .ssh/authorized_keys

 

4.切换到root, 并重新加载配置文件
systemctl restart sshd.service; firewall-cmd --reload

发表评论

电子邮件地址不会被公开。 必填项已用*标注